The Information-Based Indicia Program (IBIP) is a distributed trusted system proposed by the United States Postal Service (USPS). The IBIP is expected to support new methods of applying postage in addition to, and eventually in lieu of, the current approach, which typically relies on a postage meter to mechanically print indicia on mailpieces. The IBIP requires printing large, high density, two dimensional (2-D) bar codes on mailpieces. The Postal Service expects the IBIP to provide cost-effective assurance of postage payment for each mailpiece processed.
The USPS has published draft specifications for the IBIP. The INFORMATION BASED INDICIA PROGRAM (IBIP) INDICIUM SPECIFICATION, dated Jun. 13, 1996, defines the proposed requirements for a new indicium that will be applied to mail being processed using the IBIP. The INFORMATION BASED INDICIA PROGRAM POSTAL SECURITY DEVICE SPECIFICATION, dated Jun. 13, 1996, defines the proposed requirements for a Postal Security Device (PSD) that will provide security services to support the creation of a new "information based" postage postmark or indicium that will be applied to mail being processed using the IBIP. The INFORMATION BASED INDICIA PROGRAM HOST SYSTEM SPECIFICATION, dated Oct. 9, 1996, defines the proposed requirements for a host system element of the IBIP. The specifications are collectively referred to herein as the "IBIP Specifications". The IBIP includes interfacing user (customer), postal and vendor infrastructures which are the system elements of the program.
The user infrastructure, which resides at the user's site, comprises a postage security device (PSD) coupled to a host system. The PSD is a secure processor-based accounting device that dispenses and accounts for postal value stored therein. The host system (Host) may be a personal computer (PC) or a meter-based host processor.
It is expected that once the IBIP is launched, the volume of meters will increase significantly when the PC-based meters are introduced. Such volume increase is expected in the small office and home office (SOHO) market.
The IBIP Specifications address and resolve issues which minimize if not eliminate USPS risks regarding security and fraud. However, the IBIP Specifications do not address all of the risks that will be assumed by meter users in the IBIP. There are more risks for meter users in the IBIP than in conventional metering systems because communications between the user infrastructure and the postal and vendor infrastructures contain much more user information than in such conventional metering systems.
Under conventional postage evidencing infrastructure, communications have been point to point, with limited, meter specific information transmitted to and from conventional meters. Under the IBIP, postage metering is evolving in a manner consistent with new communications technology, such as networked computer systems, internet, cellular communications and the like. Under the IBIP, communications between user infrastructure, i.e. the Host and PSD, and the IBIP infrastructure will include user confidential information, such as credit card numbers and addresses. It will be understood that communications over a network, the internet or a cellular system are more susceptible to interception and tampering by an attacker than conventional point to point communications that have heretofore been used with postage metering systems. An attacker could intercept user data as it is transmitted, masquerade as the user or gain sensitive user information. Therefore, the customer is at risk by using such new types of communications.
It is known to perform a mutual authentication of a vendor and user communications for the purpose of protecting vendor and user information. For example, Secure Sockets Layer (SSL), as proposed by Netscape Communications, is a proposed standard for the achieving such authentication. SSL, which is used on the internet and other communication systems, authenticates the vendor/server to the user and optionally the user to the vendor/server. However, SSL requires a trusted third party, such as a certificate authority, to certify the identity of the users and their associated keys.